.- - -----÷M÷E÷N÷U÷------------------------------------------------------------- --- ---- -------------.
! WALL ! STATS ! GOODIES ! YARA ! FAQ ! RSS ! EMV !
`-------------- - --- ---------- -------- -------- -------- -------- ----------------- - ---- ---- --'
ATM MALWARE NOTICE
b39c5992c2cb70c76c82d6fba3cc0b7972c2f9b35227934b766e810f20a5f053
Date...........: 2011-01-17
Family.........: Trojan.Skimer.9
File name......: lsass.exe
File size......: 49.00 KB
Type file......: EXE/Windows
Virscan........: VT - HA
Entropy:
Binary Histogram:
=== SCREENSHOT ===
=== PEDUMP REPORT ===
=== MZ Header ===
signature: "MZ"
bytes_in_last_block: 80 0x50
blocks_in_file: 2 2
num_relocs: 0 0
header_paragraphs: 4 4
min_extra_paragraphs: 15 0xf
max_extra_paragraphs: 65535 0xffff
ss: 0 0
sp: 184 0xb8
checksum: 0 0
ip: 0 0
cs: 0 0
reloc_table_offset: 64 0x40
overlay_number: 26 0x1a
reserved0: 0 0
oem_id: 0 0
oem_info: 0 0
reserved2: 0 0
reserved3: 0 0
reserved4: 0 0
reserved5: 0 0
reserved6: 0 0
lfanew: 256 0x100
=== DOS STUB ===
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
=== PE Header ===
signature: "PE\x00\x00"
# IMAGE_FILE_HEADER:
Machine: 332 0x14c x86
NumberOfSections: 8 8
TimeDateStamp: "1992-06-19 22:22:17"
PointerToSymbolTable: 0 0
NumberOfSymbols: 0 0
SizeOfOptionalHeader: 224 0xe0
Characteristics: 33166 0x818e EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO
32BIT_MACHINE, BYTES_REVERSED_HI
# IMAGE_OPTIONAL_HEADER32:
Magic: 267 0x10b 32-bit executable
LinkerVersion: 2.25
SizeOfCode: 40448 0x9e00
SizeOfInitializedData: 8704 0x2200
SizeOfUninitializedData: 0 0
AddressOfEntryPoint: 44112 0xac50
BaseOfCode: 4096 0x1000
BaseOfData: 45056 0xb000
ImageBase: 4194304 0x400000
SectionAlignment: 4096 0x1000
FileAlignment: 512 0x200
OperatingSystemVersion: 4.0
ImageVersion: 0.0
SubsystemVersion: 4.0
Reserved1: 0 0
SizeOfImage: 77824 0x13000
SizeOfHeaders: 1024 0x400
CheckSum: 0 0
Subsystem: 2 2 WINDOWS_GUI
DllCharacteristics: 0 0
SizeOfStackReserve: 1048576 0x100000
SizeOfStackCommit: 16384 0x4000
SizeOfHeapReserve: 1048576 0x100000
SizeOfHeapCommit: 4096 0x1000
LoaderFlags: 0 0
NumberOfRvaAndSizes: 16 0x10
=== DATA DIRECTORY ===
EXPORT rva:0x 0 size:0x 0
IMPORT rva:0x e000 size:0x cba
RESOURCE rva:0x 12000 size:0x 3f0
EXCEPTION rva:0x 0 size:0x 0
SECURITY rva:0x 0 size:0x 0
BASERELOC rva:0x 11000 size:0x 964
DEBUG rva:0x 0 size:0x 0
ARCHITECTURE rva:0x 0 size:0x 0
GLOBALPTR rva:0x 0 size:0x 0
TLS rva:0x 10000 size:0x 18
LOAD_CONFIG rva:0x 0 size:0x 0
Bound_IAT rva:0x 0 size:0x 0
IAT rva:0x 0 size:0x 0
Delay_IAT rva:0x 0 size:0x 0
CLR_Header rva:0x 0 size:0x 0
rva:0x 0 size:0x 0
=== SECTIONS ===
NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS
CODE 1000 9cb8 9e00 400 0 0 0 0 60000020 R-X CODE
DATA b000 398 400 a200 0 0 0 0 c0000040 RW- IDATA
BSS c000 1c3d 0 a600 0 0 0 0 c0000000 RW-
.idata e000 cba e00 a600 0 0 0 0 c0000040 RW- IDATA
.tls f000 8 0 b400 0 0 0 0 c0000000 RW-
.rdata 10000 18 200 b400 0 0 0 0 50000040 R-- IDATA SHARED
.reloc 11000 964 a00 b600 0 0 0 0 50000040 R-- IDATA SHARED
.rsrc 12000 3f0 400 c000 0 0 0 0 50000040 R-- IDATA SHARED
=== TLS ===
RAW_START RAW_END INDEX CALLBKS ZEROFILL FLAGS
40f000 40f008 40b084 410010 0 0
=== RESOURCES ===
FILE_OFFSET CP LANG SIZE TYPE NAME
0xc058 1252 0x409 920 VERSION #1
=== IMPORTS ===
MODULE_NAME HINT ORD FUNCTION_NAME
kernel32.dll 0 DeleteCriticalSection
kernel32.dll 0 LeaveCriticalSection
kernel32.dll 0 EnterCriticalSection
kernel32.dll 0 InitializeCriticalSection
kernel32.dll 0 VirtualFree
kernel32.dll 0 VirtualAlloc
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetVersion
kernel32.dll 0 GetCurrentThreadId
kernel32.dll 0 GetThreadLocale
kernel32.dll 0 GetStartupInfoA
kernel32.dll 0 GetLocaleInfoA
kernel32.dll 0 GetCommandLineA
kernel32.dll 0 FreeLibrary
kernel32.dll 0 ExitProcess
kernel32.dll 0 CreateThread
kernel32.dll 0 WriteFile
kernel32.dll 0 UnhandledExceptionFilter
kernel32.dll 0 RtlUnwind
kernel32.dll 0 RaiseException
kernel32.dll 0 GetStdHandle
user32.dll 0 GetKeyboardType
user32.dll 0 MessageBoxA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
kernel32.dll 0 TlsSetValue
kernel32.dll 0 TlsGetValue
kernel32.dll 0 LocalAlloc
kernel32.dll 0 GetModuleHandleA
advapi32.dll 0 RegQueryValueExA
advapi32.dll 0 RegOpenKeyExA
advapi32.dll 0 RegCloseKey
advapi32.dll 0 OpenProcessToken
advapi32.dll 0 LookupPrivilegeValueA
advapi32.dll 0 InitiateSystemShutdownA
advapi32.dll 0 AdjustTokenPrivileges
kernel32.dll 0 lstrlenA
kernel32.dll 0 lstrcpynA
kernel32.dll 0 lstrcpyA
kernel32.dll 0 lstrcmpiA
kernel32.dll 0 lstrcmpA
kernel32.dll 0 lstrcatA
kernel32.dll 0 WriteProcessMemory
kernel32.dll 0 WriteFile
kernel32.dll 0 WaitForSingleObjectEx
kernel32.dll 0 WaitForSingleObject
kernel32.dll 0 VirtualFreeEx
kernel32.dll 0 VirtualAllocEx
kernel32.dll 0 TerminateThread
kernel32.dll 0 SleepEx
kernel32.dll 0 Sleep
kernel32.dll 0 SetWaitableTimer
kernel32.dll 0 SetFilePointer
kernel32.dll 0 SetEvent
kernel32.dll 0 ReadFile
kernel32.dll 0 OpenProcess
kernel32.dll 0 LocalUnlock
kernel32.dll 0 LocalSize
kernel32.dll 0 LocalReAlloc
kernel32.dll 0 LocalLock
kernel32.dll 0 LocalFree
kernel32.dll 0 LocalAlloc
kernel32.dll 0 LoadLibraryA
kernel32.dll 0 GetWindowsDirectoryA
kernel32.dll 0 GetTickCount
kernel32.dll 0 GetTempFileNameA
kernel32.dll 0 GetSystemTimeAsFileTime
kernel32.dll 0 GetSystemDirectoryA
kernel32.dll 0 GetProcAddress
kernel32.dll 0 GetModuleHandleA
kernel32.dll 0 GetModuleFileNameA
kernel32.dll 0 GetLastError
kernel32.dll 0 GetFileSize
kernel32.dll 0 GetExitCodeThread
kernel32.dll 0 GetCurrentProcess
kernel32.dll 0 FormatMessageA
kernel32.dll 0 FileTimeToSystemTime
kernel32.dll 0 FileTimeToLocalFileTime
kernel32.dll 0 ExitProcess
kernel32.dll 0 DuplicateHandle
kernel32.dll 0 DeleteFileA
kernel32.dll 0 CreateWaitableTimerA
kernel32.dll 0 CreateThread
kernel32.dll 0 CreateRemoteThread
kernel32.dll 0 CreateFileA
kernel32.dll 0 CreateEventA
kernel32.dll 0 CopyFileA
kernel32.dll 0 CloseHandle
gdi32.dll 0 TextOutA
gdi32.dll 0 GetTextMetricsA
gdi32.dll 0 Escape
gdi32.dll 0 EndDoc
gdi32.dll 0 DeleteDC
gdi32.dll 0 CreateDCA
user32.dll 0 CreateWindowExA
user32.dll 0 UnregisterClassA
user32.dll 0 TranslateMessage
user32.dll 0 SetTimer
user32.dll 0 SetForegroundWindow
user32.dll 0 SetFocus
user32.dll 0 SendMessageA
user32.dll 0 RegisterClassA
user32.dll 0 RedrawWindow
user32.dll 0 PostMessageA
user32.dll 0 PeekMessageA
user32.dll 0 LoadIconA
user32.dll 0 LoadCursorA
user32.dll 0 GetWindowTextA
user32.dll 0 GetWindowDC
user32.dll 0 GetSystemMetrics
user32.dll 0 GetMessageA
user32.dll 0 GetForegroundWindow
user32.dll 0 GetDesktopWindow
user32.dll 0 GetClientRect
user32.dll 0 FindWindowExA
user32.dll 0 FindWindowA
user32.dll 0 DrawTextA
user32.dll 0 DispatchMessageA
user32.dll 0 DestroyWindow
user32.dll 0 DefWindowProcA
user32.dll 0 CharUpperA
advapi32.dll 0 StartServiceCtrlDispatcherA
advapi32.dll 0 SetServiceStatus
advapi32.dll 0 RegisterServiceCtrlHandlerA
advapi32.dll 0 OpenServiceA
advapi32.dll 0 OpenSCManagerA
advapi32.dll 0 CloseServiceHandle
advapi32.dll 0 ChangeServiceConfigA
winspool.drv 0 EnumPrintersA
user32.dll 0 wsprintfA
user32.dll 0 GetMonitorInfoA
user32.dll 0 EnumDisplayMonitors
=== VERSION INFO ===
# VS_FIXEDFILEINFO:
FileVersion : 5.1.2600.2180
ProductVersion : 5.1.2600.2180
StrucVersion : 0x10000
FileFlagsMask : 0x3f
FileFlags : 0
FileOS : 0x40004
FileType : 2
FileSubtype : 0
# StringTable 040904B0:
CompanyName : "Microsoft Corporation"
FileDescription : "LSA Shell (Export Version)"
FileVersion : "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
InternalName : "lsass.exe"
LegalCopyright : "\u00A9 Microsoft Corporation. All rights reserved."
OriginalFilename : "lsass.exe"
ProductName : "Microsoft\u00AE Windows\u00AE Operating System"
ProductVersion : "5.1.2600.2180"
VarFileInfo : [ 0x409, 0x4b0 ]
=== Packer / Compiler ===
Borland Delphi 2006
File pos Mem pos ID Text
======== ======= == ====
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
000000000594 000000401194 0 SVWUQ
0000000007B5 0000004013B5 0 w;;t$
0000000008C0 0000004014C0 0 SVWUQ
0000000017A5 0000004023A5 0 Uh-$@
000000001B4F 00000040274F 0 ~KxI[)
000000001CA8 0000004028A8 0 SOFTWARE\Borland\Delphi\RTL
000000001CC4 0000004028C4 0 FPUMaskValue
000000001D11 000000402911 0 PPRTj
000000001E8B 000000402A8B 0 YZXtp
000000002002 000000402C02 0 t=HtN
000000002724 000000403324 0 SVWRP
000000002904 000000403504 0 Uh#5@
0000000029D2 0000004035D2 0 Uh*6@
00000000327C 000000403E7C 0 kernel32.dll
00000000328C 000000403E8C 0 CreateToolhelp32Snapshot
0000000032A8 000000403EA8 0 Heap32ListFirst
0000000032B8 000000403EB8 0 Heap32ListNext
0000000032C8 000000403EC8 0 Heap32First
0000000032D4 000000403ED4 0 Heap32Next
0000000032E0 000000403EE0 0 Toolhelp32ReadProcessMemory
0000000032FC 000000403EFC 0 Process32First
00000000330C 000000403F0C 0 Process32Next
00000000331C 000000403F1C 0 Process32FirstW
00000000332C 000000403F2C 0 Process32NextW
00000000333C 000000403F3C 0 Thread32First
00000000334C 000000403F4C 0 Thread32Next
00000000335C 000000403F5C 0 Module32First
00000000336C 000000403F6C 0 Module32Next
00000000337C 000000403F7C 0 Module32FirstW
00000000338C 000000403F8C 0 Module32NextW
000000003401 000000404001 0 Uh!@@
000000003439 000000404039 0 UhY@@
0000000034AC 0000004040AC 0 ProtectedStorage
0000000034C8 0000004040C8 0 TES TEDafwhicomm
0000000034DC 0000004040DC 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt
000000003510 000000404110 0 C:\windows\EpsStmApi.log\
00000000363B 00000040423B 0 Ph E@
000000003664 000000404264 0 D$xPj
0000000037A9 0000004043A9 0 D$LPSj
000000003839 000000404439 0 PhPE@
00000000385C 00000040445C 0 D$lPj
000000003870 000000404470 0 jdj{S
000000003904 000000404504 0 Ph,E@
00000000392C 00000040452C 0 ATMDialog
000000003938 000000404538 0 hello
000000003940 000000404540 0 STATIC
0000000039EC 0000004045EC 0 Error
000000003AD5 0000004046D5 0 Uh_G@
000000003B78 000000404778 0 CreateFile
000000003CEB 0000004048EB 0 Uh[I@
000000003CF6 0000004048F6 0 !RPhhI@
000000003D68 000000404968 0 %s Error code= %d
000000003D9D 00000040499D 0 t"Jt"
000000003DAC 0000004049AC 0 Jt Jt
000000003DE9 0000004049E9 0 t -"%
File pos Mem pos ID Text
======== ======= == ====
000000003FB8 000000404BB8 0 DbdDevExecute(EPP4_ENCODE_DECODE)
000000003FDC 000000404BDC 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ)
000000004008 000000404C08 0 EPP Complete LOCK
00000000401C 000000404C1C 0 EPP Complete ENCODE_DECODE
0000000040FC 000000404CFC 0 DBDDevOpen
000000004108 000000404D08 0 DbdDevRegisterCallback
000000004120 000000404D20 0 DbdDevLock
00000000412C 000000404D2C 0 DbdDevUnregisterCallback
000000004148 000000404D48 0 DBDDevClose
0000000041C4 000000404DC4 0 DbdDevUnlock
0000000041D4 000000404DD4 0 bdDevUnregisterCallback
0000000041EC 000000404DEC 0 DBDDevClose
0000000042D4 000000404ED4 0 DbdDevAPI.dll
0000000042E4 000000404EE4 0 DbdDevOpen
0000000042F0 000000404EF0 0 DbdDevClose
0000000042FC 000000404EFC 0 DbdDevGetInfo
00000000430C 000000404F0C 0 DbdDevRegisterCallback
000000004324 000000404F24 0 DbdDevUnregisterCallback
000000004340 000000404F40 0 DbdDevLock
00000000434C 000000404F4C 0 DbdDevUnlock
00000000435C 000000404F5C 0 DbdDevExecute
0000000043B1 000000404FB1 0 PhTM@
000000004460 000000405060 0 AMI function don
000000004471 000000405071 0 t return in 1 sec
00000000468C 00000040528C 0 RECEIPT
000000004694 000000405294 0 WINSPOOL
0000000046A8 0000004052A8 0 CreateDC
0000000046B4 0000004052B4 0 hello
0000000046C4 0000004052C4 0 escape
0000000046D4 0000004052D4 0 TextOut
0000000046E4 0000004052E4 0 enddoc
0000000047E8 0000004053E8 0 OpenProcessToken
000000004804 000000405404 0 LookupPrivilegeValue
000000004824 000000405424 0 AdjustTokenPrivileges
0000000049FC 0000004055FC 0 getProcessEntry
000000004A0C 00000040560C 0 SeDebugPrivilege
000000004A28 000000405628 0 OpenProcess
000000004A3C 00000040563C 0 GetExitCodeThread
000000004A58 000000405658 0 VirtualFreeEx
000000004CBB 0000004058BB 0 |$0hhV@
000000004D08 000000405908 0 kernel32.dll
000000004D18 000000405918 0 GetModuleHandleA
000000004D2C 00000040592C 0 GetProcAddress
000000004D3C 00000040593C 0 OASYS.dll
000000004D48 000000405948 0 OasPostMessage
000000004D58 000000405958 0 mu.exe
000000004E20 000000405A20 0 kernel32.dll
000000004E30 000000405A30 0 GetModuleHandleA
000000004E44 000000405A44 0 GetProcAddress
000000004E54 000000405A54 0 DbdDevAPI.dll
000000004E64 000000405A64 0 DbdDevOpen
000000004E70 000000405A70 0 DbdDevClose
000000004E7C 000000405A7C 0 DbdDevUnlock
000000004E8C 000000405A8C 0 DbdDevUnregisterCallback
000000004FC7 000000405BC7 0 l$BhpW@
000000005004 000000405C04 0 kernel32.dll
000000005014 000000405C14 0 GetModuleHandleA
000000005028 000000405C28 0 GetProcAddress
000000005038 000000405C38 0 DbdDevAPI.dll
000000005048 000000405C48 0 DbdDevRegisterCallback
File pos Mem pos ID Text
======== ======= == ====
000000005060 000000405C60 0 DbdDevLock
000000005080 000000405C80 0 SVWUQ
0000000051F4 000000405DF4 0 LocalAlloc
000000005208 000000405E08 0 LocalLock
00000000568D 00000040628D 0 t Find Key A
0000000056A9 0000004062A9 0 t Find Key B
0000000058B0 0000004064B0 0 UhAe@
000000005A83 000000406683 0 u7IBF
000000005B12 000000406712 0 I(NBu
000000005E5E 000000406A5E 0 Ph4k@
000000005E97 000000406A97 0 Ph<k@
000000005F18 000000406B18 0 %.2d/%.2d/%.2d %.2d:%.2d
000000006087 000000406C87 0 tdHuaj
000000006100 000000406D00 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI)
000000006130 000000406D30 0 t LOCK EPP
00000000613C 000000406D3C 0 RECEIPT_PRINTER_START_GDI
000000006158 000000406D58 0 DbdDevExecute(RECEIPT_PRINTER_EJECT)
0000000062CC 000000406ECC 0 DbdDevExecute(AFD_DISPENCE)
0000000062E8 000000406EE8 0 CDM Complete LOCK
0000000062FC 000000406EFC 0 DbdDevExecute(AFD_PRESENT)
000000006318 000000406F18 0 DbdDevExecute(AFD_RESTORE)
0000000063EC 000000406FEC 0 mu.exe
0000000063F4 000000406FF4 0 SeDebugPrivilege
000000006408 000000407008 0 SpiService.exe
0000000064ED 0000004070ED 0 T$ RSPP
000000006540 000000407140 0 kernel32.dll
000000006550 000000407150 0 WaitForSingleObject
000000006564 000000407164 0 CloseHandle
000000006570 000000407170 0 ExitProcess
00000000657C 00000040717C 0 DeleteFileA
000000006588 000000407188 0 mu.exe
000000006598 000000407198 0 getProcessEntry
0000000065B0 0000004071B0 0 OpenProcess
000000006674 000000407274 0 \lsass.exe
000000006688 000000407288 0 OpenSCManager
000000006698 000000407298 0 ProtectedStorage
0000000066AC 0000004072AC 0 Protected Storage
0000000066C0 0000004072C0 0 RemoteValidation
0000000066DC 0000004072DC 0 ChangeServiceConfig
0000000066F0 0000004072F0 0 SVWUQ
000000006800 000000407400 0 DZX|@3
000000006838 000000407438 0 <0u AG
000000006880 000000407480 0 SeShutdownPrivilege
0000000068A0 0000004074A0 0 InitiateSystemShutdown
0000000069C8 0000004075C8 0 mu.exe
0000000069D0 0000004075D0 0 SeDebugPrivilege
0000000069E4 0000004075E4 0 SpiService.exe
000000006AF4 0000004076F4 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete
000000006B20 000000407720 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ)
000000006CA4 0000004078A4 0 %.2X%.2X
000000006CB0 0000004078B0 0 Request Code: %.6d
000000006CC3 0000004078C3 0 Enter Responce
000000006CD4 0000004078D4 0 Autorization
000000006CE4 0000004078E4 0 1..4 - dispense cassete
000000006CFC 0000004078FC 0 9 - Uninstall
000000006D0A 00000040790A 0 0 - Exit
000000006D14 000000407914 0 Enter Command
000000006F20 000000407B20 0 Diebold:OGuiFrame
000000006F34 000000407B34 0 Enter Password
000000006F48 000000407B48 0 STATIC
File pos Mem pos ID Text
======== ======= == ====
000000006F58 000000407B58 0 Supply Manager
000000006F68 000000407B68 0 Pripnt
000000006F70 000000407B70 0 View All Counts
000000007584 000000408184 0 DBDDEV_LOCK(CRW)
000000007598 000000408198 0 DbdDevExecute(MCRW_ACCEPT_INSERTION)
0000000075C0 0000004081C0 0 MCRW_ACCEPT_INSERTION
0000000075D8 0000004081D8 0 DbdDevExecute(MCRW_POWERON)
00000000769D 00000040829D 0 ;C&v=
000000008275 000000408E75 0 t find KEY C
000000008300 000000408F00 0 Hello
000000008330 000000408F30 0 01234567789
0000000085C4 0000004091C4 0 DbdDevExecute(MCRW_POWERON)
0000000087C8 0000004093C8 0 SOFTWARE\Diebold\Agilis 91x Core
0000000087EC 0000004093EC 0 SOFTWARE\Diebold\Agilis 91x
000000008808 000000409408 0 Product Version
00000000881C 00000040941C 0 version
000000008830 000000409430 0 RegQueryValue
000000008850 000000409450 0 Agilis %s
000000008861 000000409461 0 Agent %s
000000008871 000000409471 0 Transactions %d
000000008882 000000409482 0 Cards %d
000000008896 000000409496 0 KEYs %d
0000000089EC 0000004095EC 0 Enter command:
0000000089FC 0000004095FC 0 Agent
000000008A7F 00000040967F 0 <3=t FJu
000000008F83 000000409B83 0 aE;l$
000000008FEF 000000409BEF 0 $E;l$
000000009384 000000409F84 0 PSTATPL
00000000938C 000000409F8C 0 IAMJZPL
0000000093AC 000000409FAC 0 BALANCE:
000000009408 00000040A008 0 SetWaitableTimer
0000000094AD 00000040A0AD 0 8TCS,t
0000000094B8 00000040A0B8 0 8HST,u0
00000000985C 00000040A45C 0 kernel32.dll
00000000986C 00000040A46C 0 GetModuleHandleA
000000009880 00000040A480 0 GetProcAddress
000000009890 00000040A490 0 LoadLibraryA
0000000098A0 00000040A4A0 0 Sleep
0000000098A8 00000040A4A8 0 VirtualProtect
0000000098B8 00000040A4B8 0 DbdDevAPI.dll
0000000098C9 00000040A4C9 0 DbdDevRegisterCallback
0000000098E1 00000040A4E1 0 DbdDevLock
000000009A40 00000040A640 0 \trl2
000000009A50 00000040A650 0 mu.exe
000000009A58 00000040A658 0 sharedq.dll
000000009A6C 00000040A66C 0 LoadLibrary(sharedq.dll)
000000009A88 00000040A688 0 SQReceiveFromServer
000000009AA4 00000040A6A4 0 GetProcAddress(SQReceiveFromServer)
000000009B30 00000040A730 0 ProtectedStorage
000000009BC5 00000040A7C5 0 33333
000000009BE7 00000040A7E7 0 UUUU3
000000009D39 00000040A939 0 VWUSQ
000000009D81 00000040A981 0 33333
000000009DA3 00000040A9A3 0 UUUU3
000000009E57 00000040AA57 0 UUUU3
000000009EB5 00000040AAB5 0 VWUSQ
000000009F6C 00000040AB6C 0 UUUU3
00000000A09C 00000040AC9C 0 StartServiceCtrlDispatcher
00000000A24C 00000040B04C 0 Error
00000000A254 00000040B054 0 Runtime error at 00000000
File pos Mem pos ID Text
======== ======= == ====
00000000A274 00000040B074 0 0123456789ABCDEF
00000000A2A0 00000040B0A0 0 1AY&SX
00000000A2E4 00000040B0E4 0 mu.exe
00000000A2F8 00000040B0F8 0 SpiService.exe
00000000A450 00000040B250 0 <4,$?7/'
00000000A496 00000040B296 0 !"#$%&'()*+,-./012345678
00000000A4E1 00000040B2E1 0 (3-!0
00000000A4E8 00000040B2E8 0 ,1'8"5
00000000A934 00000040E334 0 kernel32.dll
00000000A944 00000040E344 0 DeleteCriticalSection
00000000A95C 00000040E35C 0 LeaveCriticalSection
00000000A974 00000040E374 0 EnterCriticalSection
00000000A98C 00000040E38C 0 InitializeCriticalSection
00000000A9A8 00000040E3A8 0 VirtualFree
00000000A9B6 00000040E3B6 0 VirtualAlloc
00000000A9C6 00000040E3C6 0 LocalFree
00000000A9D2 00000040E3D2 0 LocalAlloc
00000000A9E0 00000040E3E0 0 GetVersion
00000000A9EE 00000040E3EE 0 GetCurrentThreadId
00000000AA04 00000040E404 0 GetThreadLocale
00000000AA16 00000040E416 0 GetStartupInfoA
00000000AA28 00000040E428 0 GetLocaleInfoA
00000000AA3A 00000040E43A 0 GetCommandLineA
00000000AA4C 00000040E44C 0 FreeLibrary
00000000AA5A 00000040E45A 0 ExitProcess
00000000AA68 00000040E468 0 CreateThread
00000000AA78 00000040E478 0 WriteFile
00000000AA84 00000040E484 0 UnhandledExceptionFilter
00000000AAA0 00000040E4A0 0 RtlUnwind
00000000AAAC 00000040E4AC 0 RaiseException
00000000AABE 00000040E4BE 0 GetStdHandle
00000000AACC 00000040E4CC 0 user32.dll
00000000AADA 00000040E4DA 0 GetKeyboardType
00000000AAEC 00000040E4EC 0 MessageBoxA
00000000AAF8 00000040E4F8 0 advapi32.dll
00000000AB08 00000040E508 0 RegQueryValueExA
00000000AB1C 00000040E51C 0 RegOpenKeyExA
00000000AB2C 00000040E52C 0 RegCloseKey
00000000AB38 00000040E538 0 kernel32.dll
00000000AB48 00000040E548 0 TlsSetValue
00000000AB56 00000040E556 0 TlsGetValue
00000000AB64 00000040E564 0 LocalAlloc
00000000AB72 00000040E572 0 GetModuleHandleA
00000000AB84 00000040E584 0 advapi32.dll
00000000AB94 00000040E594 0 RegQueryValueExA
00000000ABA8 00000040E5A8 0 RegOpenKeyExA
00000000ABB8 00000040E5B8 0 RegCloseKey
00000000ABC6 00000040E5C6 0 OpenProcessToken
00000000ABDA 00000040E5DA 0 LookupPrivilegeValueA
00000000ABF2 00000040E5F2 0 InitiateSystemShutdownA
00000000AC0C 00000040E60C 0 AdjustTokenPrivileges
00000000AC22 00000040E622 0 kernel32.dll
00000000AC32 00000040E632 0 lstrlenA
00000000AC3E 00000040E63E 0 lstrcpynA
00000000AC4A 00000040E64A 0 lstrcpyA
00000000AC56 00000040E656 0 lstrcmpiA
00000000AC62 00000040E662 0 lstrcmpA
00000000AC6E 00000040E66E 0 lstrcatA
00000000AC7A 00000040E67A 0 WriteProcessMemory
00000000AC90 00000040E690 0 WriteFile
File pos Mem pos ID Text
======== ======= == ====
00000000AC9C 00000040E69C 0 WaitForSingleObjectEx
00000000ACB4 00000040E6B4 0 WaitForSingleObject
00000000ACCA 00000040E6CA 0 VirtualFreeEx
00000000ACDA 00000040E6DA 0 VirtualAllocEx
00000000ACEC 00000040E6EC 0 TerminateThread
00000000ACFE 00000040E6FE 0 SleepEx
00000000AD08 00000040E708 0 Sleep
00000000AD10 00000040E710 0 SetWaitableTimer
00000000AD24 00000040E724 0 SetFilePointer
00000000AD36 00000040E736 0 SetEvent
00000000AD42 00000040E742 0 ReadFile
00000000AD4E 00000040E74E 0 OpenProcess
00000000AD5C 00000040E75C 0 LocalUnlock
00000000AD6A 00000040E76A 0 LocalSize
00000000AD76 00000040E776 0 LocalReAlloc
00000000AD86 00000040E786 0 LocalLock
00000000AD92 00000040E792 0 LocalFree
00000000AD9E 00000040E79E 0 LocalAlloc
00000000ADAC 00000040E7AC 0 LoadLibraryA
00000000ADBC 00000040E7BC 0 GetWindowsDirectoryA
00000000ADD4 00000040E7D4 0 GetTickCount
00000000ADE4 00000040E7E4 0 GetTempFileNameA
00000000ADF8 00000040E7F8 0 GetSystemTimeAsFileTime
00000000AE12 00000040E812 0 GetSystemDirectoryA
00000000AE28 00000040E828 0 GetProcAddress
00000000AE3A 00000040E83A 0 GetModuleHandleA
00000000AE4E 00000040E84E 0 GetModuleFileNameA
00000000AE64 00000040E864 0 GetLastError
00000000AE74 00000040E874 0 GetFileSize
00000000AE82 00000040E882 0 GetExitCodeThread
00000000AE96 00000040E896 0 GetCurrentProcess
00000000AEAA 00000040E8AA 0 FormatMessageA
00000000AEBC 00000040E8BC 0 FileTimeToSystemTime
00000000AED4 00000040E8D4 0 FileTimeToLocalFileTime
00000000AEEE 00000040E8EE 0 ExitProcess
00000000AEFC 00000040E8FC 0 DuplicateHandle
00000000AF0E 00000040E90E 0 DeleteFileA
00000000AF1C 00000040E91C 0 CreateWaitableTimerA
00000000AF34 00000040E934 0 CreateThread
00000000AF44 00000040E944 0 CreateRemoteThread
00000000AF5A 00000040E95A 0 CreateFileA
00000000AF68 00000040E968 0 CreateEventA
00000000AF78 00000040E978 0 CopyFileA
00000000AF84 00000040E984 0 CloseHandle
00000000AF90 00000040E990 0 gdi32.dll
00000000AF9C 00000040E99C 0 TextOutA
00000000AFA8 00000040E9A8 0 GetTextMetricsA
00000000AFBA 00000040E9BA 0 Escape
00000000AFC4 00000040E9C4 0 EndDoc
00000000AFCE 00000040E9CE 0 DeleteDC
00000000AFDA 00000040E9DA 0 CreateDCA
00000000AFE4 00000040E9E4 0 user32.dll
00000000AFF2 00000040E9F2 0 CreateWindowExA
00000000B004 00000040EA04 0 UnregisterClassA
00000000B018 00000040EA18 0 TranslateMessage
00000000B02C 00000040EA2C 0 SetTimer
00000000B038 00000040EA38 0 SetForegroundWindow
00000000B04E 00000040EA4E 0 SetFocus
00000000B05A 00000040EA5A 0 SendMessageA
00000000B06A 00000040EA6A 0 RegisterClassA
File pos Mem pos ID Text
======== ======= == ====
00000000B07C 00000040EA7C 0 RedrawWindow
00000000B08C 00000040EA8C 0 PostMessageA
00000000B09C 00000040EA9C 0 PeekMessageA
00000000B0AC 00000040EAAC 0 LoadIconA
00000000B0B8 00000040EAB8 0 LoadCursorA
00000000B0C6 00000040EAC6 0 GetWindowTextA
00000000B0D8 00000040EAD8 0 GetWindowDC
00000000B0E6 00000040EAE6 0 GetSystemMetrics
00000000B0FA 00000040EAFA 0 GetMessageA
00000000B108 00000040EB08 0 GetForegroundWindow
00000000B11E 00000040EB1E 0 GetDesktopWindow
00000000B132 00000040EB32 0 GetClientRect
00000000B142 00000040EB42 0 FindWindowExA
00000000B152 00000040EB52 0 FindWindowA
00000000B160 00000040EB60 0 DrawTextA
00000000B16C 00000040EB6C 0 DispatchMessageA
00000000B180 00000040EB80 0 DestroyWindow
00000000B190 00000040EB90 0 DefWindowProcA
00000000B1A2 00000040EBA2 0 CharUpperA
00000000B1AE 00000040EBAE 0 advapi32.dll
00000000B1BE 00000040EBBE 0 StartServiceCtrlDispatcherA
00000000B1DC 00000040EBDC 0 SetServiceStatus
00000000B1F0 00000040EBF0 0 RegisterServiceCtrlHandlerA
00000000B20E 00000040EC0E 0 OpenServiceA
00000000B21E 00000040EC1E 0 OpenSCManagerA
00000000B230 00000040EC30 0 CloseServiceHandle
00000000B246 00000040EC46 0 ChangeServiceConfigA
00000000B25C 00000040EC5C 0 winspool.drv
00000000B26C 00000040EC6C 0 EnumPrintersA
00000000B27A 00000040EC7A 0 user32.dll
00000000B288 00000040EC88 0 wsprintfA
00000000B294 00000040EC94 0 GetMonitorInfoA
00000000B2A6 00000040ECA6 0 EnumDisplayMonitors
00000000B60F 00000041100F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000B655 000000411055 0 4%515L5
00000000B65D 00000041105D 0 5.7j7
00000000B67D 00000041107D 0 8$8,8>8J8Y8e8m8x8~8
00000000B6A9 0000004110A9 0 9'929S9k9
00000000B6BB 0000004110BB 0 :O:o:
00000000B6CD 0000004110CD 0 <(<3<<<C<R<Y<{<
00000000B6EF 0000004110EF 0 >Z>c>y>
00000000B6FF 0000004110FF 0 ?*?T?]?m?u?{?
00000000B72B 00000041112B 0 0 080D0L0c0r0
00000000B745 000000411145 0 0$1H1f1v1|1
00000000B75D 00000041115D 0 2m2t2
00000000B77F 00000041117F 0 4#4G4g4
00000000B79D 00000041119D 0 8)8?8]8s8
00000000B7B1 0000004111B1 0 9 989F9z9
00000000B7C5 0000004111C5 0 :0:9:k:t:
00000000B7E1 0000004111E1 0 <,=4=?=k=
00000000B7F1 0000004111F1 0 =&>*>0>4>9>@>F>N>Y>h>p>
00000000B819 000000411219 0 ?#?>?S?]?b?
00000000B838 000000411238 0 &0/0U0b0x0
00000000B84B 00000041124B 0 5F5M5_5}5
00000000B85D 00000041125D 0 6?6K6R6\6f6}6
00000000B885 000000411285 0 7*7?7P7Z7b7j7r7z7
00000000B8A3 0000004112A3 0 8*868;8@8G8N8X8o8{8
00000000B8D3 0000004112D3 0 9"9*929:9B9J9R9Z9b9j9r9z9
00000000B913 000000411313 0 :":*:2:::B:J:R:Z:b:j:r:z:
00000000B953 000000411353 0 ;";*;2;:;B;J;R;Z;b;j;r;z;
File pos Mem pos ID Text
======== ======= == ====
00000000B997 000000411397 0 ="=0=E=R=W=d=i=v={=
00000000B9CD 0000004113CD 0 >*>/><>A>N>S>
00000000B9F1 0000004113F1 0 0.0;0G0T0f0n0{0
00000000BA05 000000411405 0 0.161>1F1N1
00000000BA4D 00000041144D 0 686=6P6{6
00000000BA67 000000411467 0 8K90:C:Y:
00000000BA77 000000411477 0 ;+;4;G;q;
00000000BA85 000000411485 0 ;[<f<z<
00000000BAAD 0000004114AD 0 >">'>2>7><>G>L>Q>\>a>f>q>v>{>
00000000BB01 000000411501 0 2$2:2Y2h3
00000000BB25 000000411525 0 8'8.8C8H8X8o8{8
00000000BB3D 00000041153D 0 8k9w9
00000000BB5F 00000041155F 0 ;6;?;l;x;
00000000BB79 000000411579 0 =(=.=6=E=P=V=
00000000BBBF 0000004115BF 0 90:>:a:o:
00000000BBDB 0000004115DB 0 <*<1<7<=<
00000000BBF1 0000004115F1 0 >#>R>
00000000BBFD 0000004115FD 0 >>?N?_?p?{?
00000000BC20 000000411620 0 D0P0_0n0}0
00000000BC3D 00000041163D 0 2'242N2
00000000BC4B 00000041164B 0 3&30353
00000000BC59 000000411659 0 4G4U4v4
00000000BC69 000000411669 0 595I5Z5k5
00000000BC7B 00000041167B 0 6;6@6i6w6
00000000BC93 000000411693 0 8?8D8
00000000BCAD 0000004116AD 0 <$<A<O<
00000000BCD3 0000004116D3 0 ="=7=>=K=[=p=
00000000BCF5 0000004116F5 0 >!?.?~?
00000000BD0F 00000041170F 0 0%0?0
00000000BD1B 00000041171B 0 1!1'1L1j1q1
00000000BD55 000000411755 0 0%1.141;1U1\1e1q1
00000000BD69 000000411769 0 1$2@2[2
00000000BD77 000000411777 0 2-3X3j3
00000000BD95 000000411795 0 4@5H5|5
00000000BDBD 0000004117BD 0 8$8#9
00000000BDE5 0000004117E5 0 ;#;';+;/;3;7;;;?;S<h<}<
00000000BE01 000000411801 0 =-=D=
00000000BE44 000000411844 0 $050:0?0T0
00000000BE4F 00000041184F 0 1$1B1J1Y1/343{3
00000000BE75 000000411875 0 5)53585G5Q5V5e5y5~5
00000000BEAF 0000004118AF 0 8+8<8D8\8k8u8~8
00000000BEE1 0000004118E1 0 : :(:0:;:
00000000BEF7 0000004118F7 0 ;0;6;<;B;H;S;
00000000BF17 000000411917 0 < <$<(<,<0<4<8<<<@<D<L<W<b<f<k<
00000000BF40 000000411940 0 $0(0,0
00000000C3F0 0000004123F0 0 PADDINGXXPADDING
00000000C05E 00000041205E 0 VS_VERSION_INFO
00000000C0BA 0000004120BA 0 StringFileInfo
00000000C0DE 0000004120DE 0 040904B0
00000000C0F6 0000004120F6 0 CompanyName
00000000C110 000000412110 0 Microsoft Corporation
00000000C142 000000412142 0 FileDescription
00000000C164 000000412164 0 LSA Shell (Export Version)
00000000C1A2 0000004121A2 0 FileVersion
00000000C1BC 0000004121BC 0 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
00000000C216 000000412216 0 InternalName
00000000C230 000000412230 0 lsass.exe
00000000C24A 00000041224A 0 LegalCopyright
00000000C26A 00000041226A 0 Microsoft Corporation. All rights reserved.
00000000C2CA 0000004122CA 0 OriginalFilename
File pos Mem pos ID Text
======== ======= == ====
00000000C2EC 0000004122EC 0 lsass.exe
00000000C306 000000412306 0 ProductName
00000000C346 000000412346 0 Operating System
00000000C372 000000412372 0 ProductVersion
00000000C390 000000412390 0 5.1.2600.2180
00000000C3B2 0000004123B2 0 VarFileInfo
00000000C3D2 0000004123D2 0 Translation
000000000050 000000400050 0 This program must be run under Win32
000000000270 000000400270 0 .idata
0000000002C0 0000004002C0 0 .rdata
0000000002E7 0000004002E7 0 P.reloc
00000000030F 00000040030F 0 P.rsrc
000000000594 000000401194 0 SVWUQ
0000000007B5 0000004013B5 0 w;;t$
0000000008C0 0000004014C0 0 SVWUQ
0000000017A5 0000004023A5 0 Uh-$@
000000001B4F 00000040274F 0 ~KxI[)
000000001CA8 0000004028A8 0 SOFTWARE\Borland\Delphi\RTL
000000001CC4 0000004028C4 0 FPUMaskValue
000000001D11 000000402911 0 PPRTj
000000001E8B 000000402A8B 0 YZXtp
000000002002 000000402C02 0 t=HtN
000000002724 000000403324 0 SVWRP
000000002904 000000403504 0 Uh#5@
0000000029D2 0000004035D2 0 Uh*6@
00000000327C 000000403E7C 0 kernel32.dll
00000000328C 000000403E8C 0 CreateToolhelp32Snapshot
0000000032A8 000000403EA8 0 Heap32ListFirst
0000000032B8 000000403EB8 0 Heap32ListNext
0000000032C8 000000403EC8 0 Heap32First
0000000032D4 000000403ED4 0 Heap32Next
0000000032E0 000000403EE0 0 Toolhelp32ReadProcessMemory
0000000032FC 000000403EFC 0 Process32First
00000000330C 000000403F0C 0 Process32Next
00000000331C 000000403F1C 0 Process32FirstW
00000000332C 000000403F2C 0 Process32NextW
00000000333C 000000403F3C 0 Thread32First
00000000334C 000000403F4C 0 Thread32Next
00000000335C 000000403F5C 0 Module32First
00000000336C 000000403F6C 0 Module32Next
00000000337C 000000403F7C 0 Module32FirstW
00000000338C 000000403F8C 0 Module32NextW
000000003401 000000404001 0 Uh!@@
000000003439 000000404039 0 UhY@@
0000000034AC 0000004040AC 0 ProtectedStorage
0000000034C8 0000004040C8 0 TES TEDafwhicomm
0000000034DC 0000004040DC 0 C:\Program Files\Diebold\AMI\AMITRACE\AMITrace.txt
000000003510 000000404110 0 C:\windows\EpsStmApi.log\
00000000363B 00000040423B 0 Ph E@
000000003664 000000404264 0 D$xPj
0000000037A9 0000004043A9 0 D$LPSj
000000003839 000000404439 0 PhPE@
00000000385C 00000040445C 0 D$lPj
000000003870 000000404470 0 jdj{S
000000003904 000000404504 0 Ph,E@
00000000392C 00000040452C 0 ATMDialog
000000003938 000000404538 0 hello
000000003940 000000404540 0 STATIC
0000000039EC 0000004045EC 0 Error
000000003AD5 0000004046D5 0 Uh_G@
File pos Mem pos ID Text
======== ======= == ====
000000003B78 000000404778 0 CreateFile
000000003CEB 0000004048EB 0 Uh[I@
000000003CF6 0000004048F6 0 !RPhhI@
000000003D68 000000404968 0 %s Error code= %d
000000003D9D 00000040499D 0 t"Jt"
000000003DAC 0000004049AC 0 Jt Jt
000000003DE9 0000004049E9 0 t -"%
000000003FB8 000000404BB8 0 DbdDevExecute(EPP4_ENCODE_DECODE)
000000003FDC 000000404BDC 0 DbdDevExecute(EPP4_ENABLE_KEYBOARD_READ)
000000004008 000000404C08 0 EPP Complete LOCK
00000000401C 000000404C1C 0 EPP Complete ENCODE_DECODE
0000000040FC 000000404CFC 0 DBDDevOpen
000000004108 000000404D08 0 DbdDevRegisterCallback
000000004120 000000404D20 0 DbdDevLock
00000000412C 000000404D2C 0 DbdDevUnregisterCallback
000000004148 000000404D48 0 DBDDevClose
0000000041C4 000000404DC4 0 DbdDevUnlock
0000000041D4 000000404DD4 0 bdDevUnregisterCallback
0000000041EC 000000404DEC 0 DBDDevClose
0000000042D4 000000404ED4 0 DbdDevAPI.dll
0000000042E4 000000404EE4 0 DbdDevOpen
0000000042F0 000000404EF0 0 DbdDevClose
0000000042FC 000000404EFC 0 DbdDevGetInfo
00000000430C 000000404F0C 0 DbdDevRegisterCallback
000000004324 000000404F24 0 DbdDevUnregisterCallback
000000004340 000000404F40 0 DbdDevLock
00000000434C 000000404F4C 0 DbdDevUnlock
00000000435C 000000404F5C 0 DbdDevExecute
0000000043B1 000000404FB1 0 PhTM@
000000004460 000000405060 0 AMI function don
000000004471 000000405071 0 t return in 1 sec
00000000468C 00000040528C 0 RECEIPT
000000004694 000000405294 0 WINSPOOL
0000000046A8 0000004052A8 0 CreateDC
0000000046B4 0000004052B4 0 hello
0000000046C4 0000004052C4 0 escape
0000000046D4 0000004052D4 0 TextOut
0000000046E4 0000004052E4 0 enddoc
0000000047E8 0000004053E8 0 OpenProcessToken
000000004804 000000405404 0 LookupPrivilegeValue
000000004824 000000405424 0 AdjustTokenPrivileges
0000000049FC 0000004055FC 0 getProcessEntry
000000004A0C 00000040560C 0 SeDebugPrivilege
000000004A28 000000405628 0 OpenProcess
000000004A3C 00000040563C 0 GetExitCodeThread
000000004A58 000000405658 0 VirtualFreeEx
000000004CBB 0000004058BB 0 |$0hhV@
000000004D08 000000405908 0 kernel32.dll
000000004D18 000000405918 0 GetModuleHandleA
000000004D2C 00000040592C 0 GetProcAddress
000000004D3C 00000040593C 0 OASYS.dll
000000004D48 000000405948 0 OasPostMessage
000000004D58 000000405958 0 mu.exe
000000004E20 000000405A20 0 kernel32.dll
000000004E30 000000405A30 0 GetModuleHandleA
000000004E44 000000405A44 0 GetProcAddress
000000004E54 000000405A54 0 DbdDevAPI.dll
000000004E64 000000405A64 0 DbdDevOpen
000000004E70 000000405A70 0 DbdDevClose
000000004E7C 000000405A7C 0 DbdDevUnlock
File pos Mem pos ID Text
======== ======= == ====
000000004E8C 000000405A8C 0 DbdDevUnregisterCallback
000000004FC7 000000405BC7 0 l$BhpW@
000000005004 000000405C04 0 kernel32.dll
000000005014 000000405C14 0 GetModuleHandleA
000000005028 000000405C28 0 GetProcAddress
000000005038 000000405C38 0 DbdDevAPI.dll
000000005048 000000405C48 0 DbdDevRegisterCallback
000000005060 000000405C60 0 DbdDevLock
000000005080 000000405C80 0 SVWUQ
0000000051F4 000000405DF4 0 LocalAlloc
000000005208 000000405E08 0 LocalLock
00000000568D 00000040628D 0 t Find Key A
0000000056A9 0000004062A9 0 t Find Key B
0000000058B0 0000004064B0 0 UhAe@
000000005A83 000000406683 0 u7IBF
000000005B12 000000406712 0 I(NBu
000000005E5E 000000406A5E 0 Ph4k@
000000005E97 000000406A97 0 Ph<k@
000000005F18 000000406B18 0 %.2d/%.2d/%.2d %.2d:%.2d
000000006087 000000406C87 0 tdHuaj
000000006100 000000406D00 0 DbdDevExecute(RECEIPT_PRINTER_START_GDI)
000000006130 000000406D30 0 t LOCK EPP
00000000613C 000000406D3C 0 RECEIPT_PRINTER_START_GDI
000000006158 000000406D58 0 DbdDevExecute(RECEIPT_PRINTER_EJECT)
0000000062CC 000000406ECC 0 DbdDevExecute(AFD_DISPENCE)
0000000062E8 000000406EE8 0 CDM Complete LOCK
0000000062FC 000000406EFC 0 DbdDevExecute(AFD_PRESENT)
000000006318 000000406F18 0 DbdDevExecute(AFD_RESTORE)
0000000063EC 000000406FEC 0 mu.exe
0000000063F4 000000406FF4 0 SeDebugPrivilege
000000006408 000000407008 0 SpiService.exe
0000000064ED 0000004070ED 0 T$ RSPP
000000006540 000000407140 0 kernel32.dll
000000006550 000000407150 0 WaitForSingleObject
000000006564 000000407164 0 CloseHandle
000000006570 000000407170 0 ExitProcess
00000000657C 00000040717C 0 DeleteFileA
000000006588 000000407188 0 mu.exe
000000006598 000000407198 0 getProcessEntry
0000000065B0 0000004071B0 0 OpenProcess
000000006674 000000407274 0 \lsass.exe
000000006688 000000407288 0 OpenSCManager
000000006698 000000407298 0 ProtectedStorage
0000000066AC 0000004072AC 0 Protected Storage
0000000066C0 0000004072C0 0 RemoteValidation
0000000066DC 0000004072DC 0 ChangeServiceConfig
0000000066F0 0000004072F0 0 SVWUQ
000000006800 000000407400 0 DZX|@3
000000006838 000000407438 0 <0u AG
000000006880 000000407480 0 SeShutdownPrivilege
0000000068A0 0000004074A0 0 InitiateSystemShutdown
0000000069C8 0000004075C8 0 mu.exe
0000000069D0 0000004075D0 0 SeDebugPrivilege
0000000069E4 0000004075E4 0 SpiService.exe
000000006AF4 0000004076F4 0 TimeOut EPP4_DISABLE_KEYBOARD_READ complete
000000006B20 000000407720 0 DbdDevExecute(EPP4_DISABLE_KEYBOARD_READ)
000000006CA4 0000004078A4 0 %.2X%.2X
000000006CB0 0000004078B0 0 Request Code: %.6d
000000006CC3 0000004078C3 0 Enter Responce
000000006CD4 0000004078D4 0 Autorization
File pos Mem pos ID Text
======== ======= == ====
000000006CE4 0000004078E4 0 1..4 - dispense cassete
000000006CFC 0000004078FC 0 9 - Uninstall
000000006D0A 00000040790A 0 0 - Exit
000000006D14 000000407914 0 Enter Command
000000006F20 000000407B20 0 Diebold:OGuiFrame
000000006F34 000000407B34 0 Enter Password
000000006F48 000000407B48 0 STATIC
000000006F58 000000407B58 0 Supply Manager
000000006F68 000000407B68 0 Pripnt
000000006F70 000000407B70 0 View All Counts
000000007584 000000408184 0 DBDDEV_LOCK(CRW)
000000007598 000000408198 0 DbdDevExecute(MCRW_ACCEPT_INSERTION)
0000000075C0 0000004081C0 0 MCRW_ACCEPT_INSERTION
0000000075D8 0000004081D8 0 DbdDevExecute(MCRW_POWERON)
00000000769D 00000040829D 0 ;C&v=
000000008275 000000408E75 0 t find KEY C
000000008300 000000408F00 0 Hello
000000008330 000000408F30 0 01234567789
0000000085C4 0000004091C4 0 DbdDevExecute(MCRW_POWERON)
0000000087C8 0000004093C8 0 SOFTWARE\Diebold\Agilis 91x Core
0000000087EC 0000004093EC 0 SOFTWARE\Diebold\Agilis 91x
000000008808 000000409408 0 Product Version
00000000881C 00000040941C 0 version
000000008830 000000409430 0 RegQueryValue
000000008850 000000409450 0 Agilis %s
000000008861 000000409461 0 Agent %s
000000008871 000000409471 0 Transactions %d
000000008882 000000409482 0 Cards %d
000000008896 000000409496 0 KEYs %d
0000000089EC 0000004095EC 0 Enter command:
0000000089FC 0000004095FC 0 Agent
000000008A7F 00000040967F 0 <3=t FJu
000000008F83 000000409B83 0 aE;l$
000000008FEF 000000409BEF 0 $E;l$
000000009384 000000409F84 0 PSTATPL
00000000938C 000000409F8C 0 IAMJZPL
0000000093AC 000000409FAC 0 BALANCE:
000000009408 00000040A008 0 SetWaitableTimer
0000000094AD 00000040A0AD 0 8TCS,t
0000000094B8 00000040A0B8 0 8HST,u0
00000000985C 00000040A45C 0 kernel32.dll
00000000986C 00000040A46C 0 GetModuleHandleA
000000009880 00000040A480 0 GetProcAddress
000000009890 00000040A490 0 LoadLibraryA
0000000098A0 00000040A4A0 0 Sleep
0000000098A8 00000040A4A8 0 VirtualProtect
0000000098B8 00000040A4B8 0 DbdDevAPI.dll
0000000098C9 00000040A4C9 0 DbdDevRegisterCallback
0000000098E1 00000040A4E1 0 DbdDevLock
000000009A40 00000040A640 0 \trl2
000000009A50 00000040A650 0 mu.exe
000000009A58 00000040A658 0 sharedq.dll
000000009A6C 00000040A66C 0 LoadLibrary(sharedq.dll)
000000009A88 00000040A688 0 SQReceiveFromServer
000000009AA4 00000040A6A4 0 GetProcAddress(SQReceiveFromServer)
000000009B30 00000040A730 0 ProtectedStorage
000000009BC5 00000040A7C5 0 33333
000000009BE7 00000040A7E7 0 UUUU3
000000009D39 00000040A939 0 VWUSQ
000000009D81 00000040A981 0 33333
File pos Mem pos ID Text
======== ======= == ====
000000009DA3 00000040A9A3 0 UUUU3
000000009E57 00000040AA57 0 UUUU3
000000009EB5 00000040AAB5 0 VWUSQ
000000009F6C 00000040AB6C 0 UUUU3
00000000A09C 00000040AC9C 0 StartServiceCtrlDispatcher
00000000A24C 00000040B04C 0 Error
00000000A254 00000040B054 0 Runtime error at 00000000
00000000A274 00000040B074 0 0123456789ABCDEF
00000000A2A0 00000040B0A0 0 1AY&SX
00000000A2E4 00000040B0E4 0 mu.exe
00000000A2F8 00000040B0F8 0 SpiService.exe
00000000A450 00000040B250 0 <4,$?7/'
00000000A496 00000040B296 0 !"#$%&'()*+,-./012345678
00000000A4E1 00000040B2E1 0 (3-!0
00000000A4E8 00000040B2E8 0 ,1'8"5
00000000A934 00000040E334 0 kernel32.dll
00000000A944 00000040E344 0 DeleteCriticalSection
00000000A95C 00000040E35C 0 LeaveCriticalSection
00000000A974 00000040E374 0 EnterCriticalSection
00000000A98C 00000040E38C 0 InitializeCriticalSection
00000000A9A8 00000040E3A8 0 VirtualFree
00000000A9B6 00000040E3B6 0 VirtualAlloc
00000000A9C6 00000040E3C6 0 LocalFree
00000000A9D2 00000040E3D2 0 LocalAlloc
00000000A9E0 00000040E3E0 0 GetVersion
00000000A9EE 00000040E3EE 0 GetCurrentThreadId
00000000AA04 00000040E404 0 GetThreadLocale
00000000AA16 00000040E416 0 GetStartupInfoA
00000000AA28 00000040E428 0 GetLocaleInfoA
00000000AA3A 00000040E43A 0 GetCommandLineA
00000000AA4C 00000040E44C 0 FreeLibrary
00000000AA5A 00000040E45A 0 ExitProcess
00000000AA68 00000040E468 0 CreateThread
00000000AA78 00000040E478 0 WriteFile
00000000AA84 00000040E484 0 UnhandledExceptionFilter
00000000AAA0 00000040E4A0 0 RtlUnwind
00000000AAAC 00000040E4AC 0 RaiseException
00000000AABE 00000040E4BE 0 GetStdHandle
00000000AACC 00000040E4CC 0 user32.dll
00000000AADA 00000040E4DA 0 GetKeyboardType
00000000AAEC 00000040E4EC 0 MessageBoxA
00000000AAF8 00000040E4F8 0 advapi32.dll
00000000AB08 00000040E508 0 RegQueryValueExA
00000000AB1C 00000040E51C 0 RegOpenKeyExA
00000000AB2C 00000040E52C 0 RegCloseKey
00000000AB38 00000040E538 0 kernel32.dll
00000000AB48 00000040E548 0 TlsSetValue
00000000AB56 00000040E556 0 TlsGetValue
00000000AB64 00000040E564 0 LocalAlloc
00000000AB72 00000040E572 0 GetModuleHandleA
00000000AB84 00000040E584 0 advapi32.dll
00000000AB94 00000040E594 0 RegQueryValueExA
00000000ABA8 00000040E5A8 0 RegOpenKeyExA
00000000ABB8 00000040E5B8 0 RegCloseKey
00000000ABC6 00000040E5C6 0 OpenProcessToken
00000000ABDA 00000040E5DA 0 LookupPrivilegeValueA
00000000ABF2 00000040E5F2 0 InitiateSystemShutdownA
00000000AC0C 00000040E60C 0 AdjustTokenPrivileges
00000000AC22 00000040E622 0 kernel32.dll
00000000AC32 00000040E632 0 lstrlenA
File pos Mem pos ID Text
======== ======= == ====
00000000AC3E 00000040E63E 0 lstrcpynA
00000000AC4A 00000040E64A 0 lstrcpyA
00000000AC56 00000040E656 0 lstrcmpiA
00000000AC62 00000040E662 0 lstrcmpA
00000000AC6E 00000040E66E 0 lstrcatA
00000000AC7A 00000040E67A 0 WriteProcessMemory
00000000AC90 00000040E690 0 WriteFile
00000000AC9C 00000040E69C 0 WaitForSingleObjectEx
00000000ACB4 00000040E6B4 0 WaitForSingleObject
00000000ACCA 00000040E6CA 0 VirtualFreeEx
00000000ACDA 00000040E6DA 0 VirtualAllocEx
00000000ACEC 00000040E6EC 0 TerminateThread
00000000ACFE 00000040E6FE 0 SleepEx
00000000AD08 00000040E708 0 Sleep
00000000AD10 00000040E710 0 SetWaitableTimer
00000000AD24 00000040E724 0 SetFilePointer
00000000AD36 00000040E736 0 SetEvent
00000000AD42 00000040E742 0 ReadFile
00000000AD4E 00000040E74E 0 OpenProcess
00000000AD5C 00000040E75C 0 LocalUnlock
00000000AD6A 00000040E76A 0 LocalSize
00000000AD76 00000040E776 0 LocalReAlloc
00000000AD86 00000040E786 0 LocalLock
00000000AD92 00000040E792 0 LocalFree
00000000AD9E 00000040E79E 0 LocalAlloc
00000000ADAC 00000040E7AC 0 LoadLibraryA
00000000ADBC 00000040E7BC 0 GetWindowsDirectoryA
00000000ADD4 00000040E7D4 0 GetTickCount
00000000ADE4 00000040E7E4 0 GetTempFileNameA
00000000ADF8 00000040E7F8 0 GetSystemTimeAsFileTime
00000000AE12 00000040E812 0 GetSystemDirectoryA
00000000AE28 00000040E828 0 GetProcAddress
00000000AE3A 00000040E83A 0 GetModuleHandleA
00000000AE4E 00000040E84E 0 GetModuleFileNameA
00000000AE64 00000040E864 0 GetLastError
00000000AE74 00000040E874 0 GetFileSize
00000000AE82 00000040E882 0 GetExitCodeThread
00000000AE96 00000040E896 0 GetCurrentProcess
00000000AEAA 00000040E8AA 0 FormatMessageA
00000000AEBC 00000040E8BC 0 FileTimeToSystemTime
00000000AED4 00000040E8D4 0 FileTimeToLocalFileTime
00000000AEEE 00000040E8EE 0 ExitProcess
00000000AEFC 00000040E8FC 0 DuplicateHandle
00000000AF0E 00000040E90E 0 DeleteFileA
00000000AF1C 00000040E91C 0 CreateWaitableTimerA
00000000AF34 00000040E934 0 CreateThread
00000000AF44 00000040E944 0 CreateRemoteThread
00000000AF5A 00000040E95A 0 CreateFileA
00000000AF68 00000040E968 0 CreateEventA
00000000AF78 00000040E978 0 CopyFileA
00000000AF84 00000040E984 0 CloseHandle
00000000AF90 00000040E990 0 gdi32.dll
00000000AF9C 00000040E99C 0 TextOutA
00000000AFA8 00000040E9A8 0 GetTextMetricsA
00000000AFBA 00000040E9BA 0 Escape
00000000AFC4 00000040E9C4 0 EndDoc
00000000AFCE 00000040E9CE 0 DeleteDC
00000000AFDA 00000040E9DA 0 CreateDCA
00000000AFE4 00000040E9E4 0 user32.dll
00000000AFF2 00000040E9F2 0 CreateWindowExA
File pos Mem pos ID Text
======== ======= == ====
00000000B004 00000040EA04 0 UnregisterClassA
00000000B018 00000040EA18 0 TranslateMessage
00000000B02C 00000040EA2C 0 SetTimer
00000000B038 00000040EA38 0 SetForegroundWindow
00000000B04E 00000040EA4E 0 SetFocus
00000000B05A 00000040EA5A 0 SendMessageA
00000000B06A 00000040EA6A 0 RegisterClassA
00000000B07C 00000040EA7C 0 RedrawWindow
00000000B08C 00000040EA8C 0 PostMessageA
00000000B09C 00000040EA9C 0 PeekMessageA
00000000B0AC 00000040EAAC 0 LoadIconA
00000000B0B8 00000040EAB8 0 LoadCursorA
00000000B0C6 00000040EAC6 0 GetWindowTextA
00000000B0D8 00000040EAD8 0 GetWindowDC
00000000B0E6 00000040EAE6 0 GetSystemMetrics
00000000B0FA 00000040EAFA 0 GetMessageA
00000000B108 00000040EB08 0 GetForegroundWindow
00000000B11E 00000040EB1E 0 GetDesktopWindow
00000000B132 00000040EB32 0 GetClientRect
00000000B142 00000040EB42 0 FindWindowExA
00000000B152 00000040EB52 0 FindWindowA
00000000B160 00000040EB60 0 DrawTextA
00000000B16C 00000040EB6C 0 DispatchMessageA
00000000B180 00000040EB80 0 DestroyWindow
00000000B190 00000040EB90 0 DefWindowProcA
00000000B1A2 00000040EBA2 0 CharUpperA
00000000B1AE 00000040EBAE 0 advapi32.dll
00000000B1BE 00000040EBBE 0 StartServiceCtrlDispatcherA
00000000B1DC 00000040EBDC 0 SetServiceStatus
00000000B1F0 00000040EBF0 0 RegisterServiceCtrlHandlerA
00000000B20E 00000040EC0E 0 OpenServiceA
00000000B21E 00000040EC1E 0 OpenSCManagerA
00000000B230 00000040EC30 0 CloseServiceHandle
00000000B246 00000040EC46 0 ChangeServiceConfigA
00000000B25C 00000040EC5C 0 winspool.drv
00000000B26C 00000040EC6C 0 EnumPrintersA
00000000B27A 00000040EC7A 0 user32.dll
00000000B288 00000040EC88 0 wsprintfA
00000000B294 00000040EC94 0 GetMonitorInfoA
00000000B2A6 00000040ECA6 0 EnumDisplayMonitors
00000000B60F 00000041100F 0 0"0*020:0B0J0R0Z0b0j0r0z0
00000000B655 000000411055 0 4%515L5
00000000B65D 00000041105D 0 5.7j7
00000000B67D 00000041107D 0 8$8,8>8J8Y8e8m8x8~8
00000000B6A9 0000004110A9 0 9'929S9k9
00000000B6BB 0000004110BB 0 :O:o:
00000000B6CD 0000004110CD 0 <(<3<<<C<R<Y<{<
00000000B6EF 0000004110EF 0 >Z>c>y>
00000000B6FF 0000004110FF 0 ?*?T?]?m?u?{?
00000000B72B 00000041112B 0 0 080D0L0c0r0
00000000B745 000000411145 0 0$1H1f1v1|1
00000000B75D 00000041115D 0 2m2t2
00000000B77F 00000041117F 0 4#4G4g4
00000000B79D 00000041119D 0 8)8?8]8s8
00000000B7B1 0000004111B1 0 9 989F9z9
00000000B7C5 0000004111C5 0 :0:9:k:t:
00000000B7E1 0000004111E1 0 <,=4=?=k=
00000000B7F1 0000004111F1 0 =&>*>0>4>9>@>F>N>Y>h>p>
00000000B819 000000411219 0 ?#?>?S?]?b?
00000000B838 000000411238 0 &0/0U0b0x0
File pos Mem pos ID Text
======== ======= == ====
00000000B84B 00000041124B 0 5F5M5_5}5
00000000B85D 00000041125D 0 6?6K6R6\6f6}6
00000000B885 000000411285 0 7*7?7P7Z7b7j7r7z7
00000000B8A3 0000004112A3 0 8*868;8@8G8N8X8o8{8
00000000B8D3 0000004112D3 0 9"9*929:9B9J9R9Z9b9j9r9z9
00000000B913 000000411313 0 :":*:2:::B:J:R:Z:b:j:r:z:
00000000B953 000000411353 0 ;";*;2;:;B;J;R;Z;b;j;r;z;
00000000B997 000000411397 0 ="=0=E=R=W=d=i=v={=
00000000B9CD 0000004113CD 0 >*>/><>A>N>S>
00000000B9F1 0000004113F1 0 0.0;0G0T0f0n0{0
00000000BA05 000000411405 0 0.161>1F1N1
00000000BA4D 00000041144D 0 686=6P6{6
00000000BA67 000000411467 0 8K90:C:Y:
00000000BA77 000000411477 0 ;+;4;G;q;
00000000BA85 000000411485 0 ;[<f<z<
00000000BAAD 0000004114AD 0 >">'>2>7><>G>L>Q>\>a>f>q>v>{>
00000000BB01 000000411501 0 2$2:2Y2h3
00000000BB25 000000411525 0 8'8.8C8H8X8o8{8
00000000BB3D 00000041153D 0 8k9w9
00000000BB5F 00000041155F 0 ;6;?;l;x;
00000000BB79 000000411579 0 =(=.=6=E=P=V=
00000000BBBF 0000004115BF 0 90:>:a:o:
00000000BBDB 0000004115DB 0 <*<1<7<=<
00000000BBF1 0000004115F1 0 >#>R>
00000000BBFD 0000004115FD 0 >>?N?_?p?{?
00000000BC20 000000411620 0 D0P0_0n0}0
00000000BC3D 00000041163D 0 2'242N2
00000000BC4B 00000041164B 0 3&30353
00000000BC59 000000411659 0 4G4U4v4
00000000BC69 000000411669 0 595I5Z5k5
00000000BC7B 00000041167B 0 6;6@6i6w6
00000000BC93 000000411693 0 8?8D8
00000000BCAD 0000004116AD 0 <$<A<O<
00000000BCD3 0000004116D3 0 ="=7=>=K=[=p=
00000000BCF5 0000004116F5 0 >!?.?~?
00000000BD0F 00000041170F 0 0%0?0
00000000BD1B 00000041171B 0 1!1'1L1j1q1
00000000BD55 000000411755 0 0%1.141;1U1\1e1q1
00000000BD69 000000411769 0 1$2@2[2
00000000BD77 000000411777 0 2-3X3j3
00000000BD95 000000411795 0 4@5H5|5
00000000BDBD 0000004117BD 0 8$8#9
00000000BDE5 0000004117E5 0 ;#;';+;/;3;7;;;?;S<h<}<
00000000BE01 000000411801 0 =-=D=
00000000BE44 000000411844 0 $050:0?0T0
00000000BE4F 00000041184F 0 1$1B1J1Y1/343{3
00000000BE75 000000411875 0 5)53585G5Q5V5e5y5~5
00000000BEAF 0000004118AF 0 8+8<8D8\8k8u8~8
00000000BEE1 0000004118E1 0 : :(:0:;:
00000000BEF7 0000004118F7 0 ;0;6;<;B;H;S;
00000000BF17 000000411917 0 < <$<(<,<0<4<8<<<@<D<L<W<b<f<k<
00000000BF40 000000411940 0 $0(0,0
00000000C3F0 0000004123F0 0 PADDINGXXPADDING
00000000C05E 00000041205E 0 VS_VERSION_INFO
00000000C0BA 0000004120BA 0 StringFileInfo
00000000C0DE 0000004120DE 0 040904B0
00000000C0F6 0000004120F6 0 CompanyName
00000000C110 000000412110 0 Microsoft Corporation
00000000C142 000000412142 0 FileDescription
00000000C164 000000412164 0 LSA Shell (Export Version)
File pos Mem pos ID Text
======== ======= == ====
00000000C1A2 0000004121A2 0 FileVersion
00000000C1BC 0000004121BC 0 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
00000000C216 000000412216 0 InternalName
00000000C230 000000412230 0 lsass.exe
00000000C24A 00000041224A 0 LegalCopyright
00000000C26A 00000041226A 0 Microsoft Corporation. All rights reserved.
00000000C2CA 0000004122CA 0 OriginalFilename
00000000C2EC 0000004122EC 0 lsass.exe
00000000C306 000000412306 0 ProductName
00000000C346 000000412346 0 Operating System
00000000C372 000000412372 0 ProductVersion
00000000C390 000000412390 0 5.1.2600.2180
00000000C3B2 0000004123B2 0 VarFileInfo
00000000C3D2 0000004123D2 0 Translation